Washington Post

Heartbleed is about to get worse, and it will slow the Internet to a crawl

The Heartbleed bug has put many consumers' user names and passwords at risk. Undetected for two years, the bug quietly undermined the basic security of the Internet.

But on top of all that, security researchers have now confirmed that Heartbleed could have been used by hackers to steal sensitive data needed to set up fake Web sites posing as legitimate ones. Analysts say criminals could use Heartbleed to impersonate as many as 500,000 sites across the Web. Those sites have yet to replace the security certificates responsible for verifying their identity to Web browsers.

But even after the sites do update their security certificates, Web browsers may still be unable to tell the difference between a fake site and the real one. Consumers could easily fall victim to online fraud if they go to one of the fake sites. It gets worse. The expected flood of certificate revocations is likely to seriously degrade the speed of the Internet, primarily because the global system for tracking certificate revocations is not equipped to handle such a massive change.

Heartbleed portends larger security threats

[Commentary] Tens of millions of Americans have been affected by the theft of their personal information in the digital age. Then, it was discovered that a bug had crept into OpenSSL that could allow intruders to read encrypted data contained in memory, such as passwords or credit cards. The bug has been called “Heartbleed” and could allow attackers to eavesdrop on communications, steal data and even impersonate users and Web services. We’re tempted to say this ought to be a wake-up call, but we have already had so many wake-up calls.

To put it bluntly: As a country and as a society, we have come to depend on a vast, interconnected system; if one small part fails, the impact is widespread. As noted in a forthcoming Atlantic Council report, the Internet was created to be based on trust, not security. Yet we continue to discover that it is vulnerable to theft, intrusion and disruption on an appalling scale. We are living in an age of growing danger but reacting with complacency.

The Administration unveiled a useful initiative, promising that sharing cyberthreat information among companies would not bring on antitrust liability. But this, and President Barack Obama’s other measures, including his voluntary cybersecurity framework, represent only what is doable given a continued lack of a consensus in Congress and a failure in the private sector to take all threats more seriously. They are timid measures in the face of an epic heartburn that will be costly for us all.

No joke, this company wants to be hacked with Heartbleed

Most of us have spent the last few days trying not to fall victim to the Heartbleed bug -- changing passwords, checking routers, making sure we're protected, and so on. But one company is actively inviting hackers to try to steal a secret key from a server that contains the vulnerability.

How can this possibly be a good idea?

Well, if the challenge works, it could help security researchers better understand Heartbleed and the danger it represents. Cloudflare, the Internet infrastructure company behind the hacking challenge, says that if somebody can prove that stealing that security key is possible, it would have tremendous implications for the Web's smooth performance.

So the company set up a dummy server with the Heartbleed vulnerability and is encouraging people to use it to break in.

The company's own tests suggest it's really hard to steal a certificate and impersonate someone. But it's impossible to be 100 percent sure; you can never really prove that something won't happen. So throwing more manpower at the problem will help tell us just how hard it is to steal a key. Cloudflare is now tracking "thousands" of people plugging away at the challenge. So far, nobody's solved it. Let's hope it stays that way.

Don’t buy the hype: The Internet hasn’t killed TV advertising

For the first time, advertisers spent more on online ads than broadcast television in the US, according to a new report prepared by PricewaterhouseCoopers for the Interactive Advertising Bureau. Online advertising as a whole brought in a record-breaking $42.7 billion in 2013, a 17 percent increase over 2012, compared to the $40.1 billion spent on broadcast television.

That's certainly a significant milestone, and it's meant to be the eye-catching part of a press release.

But the details of the report show a much more complicated rivalry between online and broadcast, and tell us more about why tech companies are so eager to get onto television. Television is where the money is. And for good reason: It's where the attention is. According to data from Nielsen published in February, Americans watched 185 hours of television in December of 2013 -- up six hours from December 2012. That was nearly seven times as long as people spent online at their computers, and more than five times as much as they spent using mobile devices like smart phones.

With that sort of consumer interest, it's no wonder big tech companies like Google, Amazon, Microsoft, and Yahoo are trying to increase their presence on most Americans' living room display. Online video has been expanding too -- for instance, Disney recently announced a half billion deal to buy the YouTube-based Maker Studios.

FCC Chairman Tom Wheeler leans on candor to get his message across

For federal regulators, words really matter. An adjective too bold, a verb misconjugated or a particle dropped can ripple across the business world and send stock markets into chaos. That’s why leaders of government agencies so rarely speak in public -- and generally do so with great care. Not Tom Wheeler, the dauntless and plain-spoken chairman of the Federal Communications Commission, who has displayed a rare joy for gab.

“I’m not sitting here sucking eggs,” Chairman Wheeler said at his first public meeting in November, a warning shot of what was to come. “I’m looking seriously at these issues.”

Such candor has defied early assumptions about President Barack Obama’s FCC pick as a lame duck. The 68-year-old has eagerly grasped a national megaphone on the defining -- and the utterly arcane -- telecommunications policy issues of the day.

In coming months, he faces the biggest test of his promise to put consumers first, deciding whether to approve the merger of two of corporate America’s least-popular companies: cable titans Comcast and Time Warner Cable. It will be hard to please all sides with bigger and more controversial decisions ahead:

  • He will make the call on Comcast’s $45 billion bid for Time Warner Cable, a deal that would create the first national cable company and a broadband Internet titan with 40 percent of the market share.
  • His net neutrality proposal rankled consumer advocates, who say it could allow the richest Web companies to buy better access to users.
  • He will launch the biggest sale of television airwaves in years, an auction that could dramatically shrink local broadcasting and determine the dominant providers of mobile services for years to come.

His folksy idioms and direct Midwestern sensibility have won many friends in Congress, the FCC and at the top levels of corporate America. And Chairman Wheeler is unapologetic about the decades he spent leading the National Cable & Telecommunications Association and the CTIA wireless group and then as a venture capitalist with telecom, Internet and broadcast industry investments. Indeed, as he sees it, his lobbying skills are key to his management of the FCC -- a notion that might make others cringe. “This is a job that I’ve been training for my entire professional life,” Chairman Wheeler said.

Heartbleed bug puts the chaotic nature of the Internet under the magnifying glass

A major flaw in widely used encryption software has highlighted one of the enduring -- and terrifying -- realities of the Internet: It is inherently chaotic, built by multitudes and continuously tweaked, with nobody in charge of it all.

The Heartbleed bug was a product of the online world’s makeshift nature. While users see the logos of big, multibillion-dollar companies when they shop, bank and communicate over the Internet, nearly all of those companies rely on free software -- often built and maintained by volunteers -- to help make those services secure.

Heartbleed, security experts say, was lodged in a section of code that had been approved two years ago by a developer that helps maintain OpenSSL, a piece of free software created in the mid-1990s and still used by companies and government agencies almost everywhere. While the extent of the damage caused by the bug may never be known, the possibilities for data theft are enormous.

At the very least, many companies and government agencies will have to replace their encryption keys, and millions of users will have to create new passwords on sites where they are accustomed to seeing the small lock icon that symbolizes online encryption.

The question isn’t whether the Comcast merger is bad for consumers. It’s whether the alternative is better.

[Commentary] Comcast Xfinity customers in 14 states and DC are about to get a bump in Internet speeds. The company is more than doubling its mid-tier Xfinity Internet Blast tier to 105 Mbps, and customers using its 105 Mbps tier will be increased to 150 Mbps, at no extra charge.

Comcast's executive vice president David Cohen promises that there's more to come if regulators approve the company's proposed merger with Time Warner Cable. Testifying before the Senate, Cohen vowed to bring "more investments, faster speeds," and expand Comcast's program for low-income broadband subscribers to current Time Warner Cable subscribers.

But pressed by lawmakers about the changes, Cohen also said that many of the benefits would be implemented for Comcast customers either way -- they'd just be accelerated if the merger went through. That introduces a trade-off.

All the other questions about customer service and consumer protection aside, one of the biggest questions to be raised by the Senate hearing is whether lawmakers should use a carrot or a stick to press Comcast to roll out these benefits. The carrot -- allowing the merger with Time Warner Cable -- would allow Comcast to turn on its expanded scale. The big stick: denying the merger Comcast seeks and putting it at greater risk from competitors who would like nothing more than to knock the cable company out of its top position in broadband, video and potentially telephony.

A golf channel tells Congress: Comcast-TWC would hurt little guys like them

Back9Network, a golf lifestyle cable channel, fears that the merger between Comcast and Time Warner could spell the end of its business.

The remarks by the CEO of the independent programming firm were made during a Senate Judiciary hearing on the proposed $45 billion cable and Internet mega merger.

James Bosworth, chief executive of the Hartford-based network, told lawmakers that for an independent programmer to succeed, it needs its channel to be carried by one of the big four paid television providers: Comcast, Time Warner Cable, Dish or DirecTV.

The backlash to the Comcast merger is now bipartisan

Ever since Comcast unveiled its plan to take over the nation's second biggest cable company, liberals have been pretty upset about the idea. Among the most vocal is Sen Al Franken (D-MN), who argued recently in blunt messages to federal regulators that "the Internet belongs to the people, not huge corporations." Recently, dozens of left-leaning organizations, such as Moveon.org and SumofUs, sent a letter to the Justice Department and the Federal Communications Commission expressing their displeasure.

Conservatives, by contrast, have mostly kept mum or praised the looming merger. But that may be starting to change as Republicans detect a political opportunity in the proposal -- not to mention some burgeoning problems with the merger itself.

The result is bipartisan objection to a buyout that critics say would be harmful to competition. Republican and conservative groups see the merger as a chance to score points against the Obama Administration, which has close ties with top Comcast executives Brian Roberts and David Cohen. The right-leaning Washington Free Beacon published a 1,200-word column excoriating Comcast's political contributions to Democratic politicians. That was soon followed by columns on Breitbart.com and a number of other outlets.

Comcast the little guy? There’s competition everywhere, the company argues.

Comcast says it has loads of competition -- everyone from Facebook to Apple, which Comcast says is contemplating a television set-top box to compete with cable service.

Plus, Netflix and Amazon are already giants in online video, which also keeps the company on its toes, Comcast said in a regulatory filing for its proposed merger with Time Warner Cable.

“The difference between all those competitors and us is they have global and national scale,” said Comcast executive vice president David Cohen. That scale allows companies like Netflix and Apple to sell their products globally and invest in research, development and new technology. Comcast needs the merger with Time Warner to reach that level, he argued. But defining its competition in the broadband Internet industry may be harder for Comcast to do, some public interest groups and technology experts say.

And those definitions may be the crux of federal reviews into the company's $45 billion bid to become a national broadband business.